CapitaLand Malaysia Mall Trust | Annual Report 2020

INTRODUCTION Paragraph 15.26(b) of the Listing Requirements requires the board of directors of any public listed issuer to include in its annual report a statement about the state of internal control of the listed issuer as a group and the Board is guided by the Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers. BOARD’S RESPONSIBILITY In discharging the Board’s stewardship responsibilities, the Board assumes the responsibility for the system of internal controls and risk management as set up by the Manager for CMMT. The Board is responsible for the adequacy and integrity of the system of risk management and internal controls. It is an essential part of the Board’s responsibilities to identify principal risks, formulate the risk appetite of the CMMT Group, set the key risk indicators/thresholds and ensure that appropriate systems and policies are in place to manage these risks and review the adequacy and integrity of such internal controls system and policies. However, the Board acknowledges that no system of risk management and internal controls can provide absolute assurance in this regard, or absolute assurance against poor judgment in decision making, human error, losses, fraud or other irregularities. A sound system of risk management and internal controls therefore provides a reasonable but not absolute assurance that the CMMT Group will not be significantly affected by any event that can be reasonably foreseen as it strives to achieve its business objectives. RISK MANAGEMENT Effective risk management is a fundamental part of CMMT’s business strategy. The key risks and control measures are described in the Enterprise Risk Management section of CMMT’s Annual Report 2020. Recognising and managing risk is central to CMMT’s business and to protect Unitholders’ interests and value. CMMT operates within guidelines and parameters set by the Board for the Manager and CMMT. Based on the RCSA, transactions are analysed to understand the risks involved. Responsibility for managing risk lies initially with the business unit concerned, working within the overall strategy endorsed by the Board. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL The Manager’s focus on risk management recognises that risk management is, prima facie, an issue for Management. The ERM Framework supports this focus but provides a structured context for Management to undertake a review of the past performance, and to profile the current and future risks it faces within its areas of responsibility. This risk information is consolidated and used as key input into the risk management review sessions which are held at least once a year to review CMMT’s strategic direction in detail, and include specific focus on the identificationof key businesses and financial risks which could prevent CMMT from achieving its objectives. Management is then required to ensure that appropriate controls are in place to effectively manage those risks, and such risks and controls are monitored by the AC and Exco respectively on a quarterly basis and by the Board annually. The internal audit plan is developed in conjunction with the risk management programme and is focused on ensuring that the operation of internal controls and assessment reflects the effectiveness and efficiency of the control environment. The Manager has determined that significant risks for CMMT will likely arise when making property investment decisions and have identified these in the RCSA. Accordingly, the Manager has established procedures to be followed when making such decisions. In accordance with these procedures, the Board requires comprehensive due diligence to be carried out in relation to any proposed investment and a suitable determination is made as to whether the anticipated return on the proposed investment is appropriate, having regard to the level of risk. The Board usually meets quarterly, or more often if necessary, to review and approve the financial performance of the Manager and of the CMMT Group against a previously approved budget. The Board also reviews the risks to the assets of the CMMT Group and acts upon any comments by EA of CMMT. In assessing business risks, the Board considers the economic environment and property industry risks. The Board and its Exco review and approve all investment decisions and key treasury matters. Management meets monthly to review the operations of the Manager and CMMT and discuss continuous disclosure issues. 115 BECAUSE TOMORROW MATTERS